[pkg-golang-devel] Bug#795106: golang: CVE-2015-5739 CVE-2015-5740 CVE-2015-5741

Tianon Gravi admwiggin at gmail.com
Wed Aug 12 04:40:45 UTC 2015


On 10 August 2015 at 16:04, Tianon Gravi <admwiggin at gmail.com> wrote:
> Looks like we need to work on backporting three commits to 1.0.2,
> 1.3.3, and 1.4.2:
>
> - https://github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9
> - https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f
> - https://github.com/golang/go/commit/143822585e32449860e624cace9d2e521deee62e

The attached patch is all three of these fix commits, and works as-is on 1.4.2.

Will start working on a patch we can include in 1.3.3 next.

♥,
- Tianon
  4096R / B42F 6819 007F 00F8 8E36  4FD4 036A 9C25 BF35 7DD4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cve-2015-5739-5740-5741.patch
Type: text/x-patch
Size: 11824 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-golang-devel/attachments/20150811/88ff383f/attachment-0003.bin>


More information about the pkg-golang-devel mailing list